YouPorn sued for sniffing browser history

A lawsuit accuses the operator of a porn site of checking whether a visitor had been to other Web sites using "history sniffing." UCSD researchers say YouPorn isn't alone.

A site for sharing pornographic content is the target of a lawsuit accusing it of improperly checking what other Web sites visitors had used.

Plaintiffs David Pitner and Jared Reagan, both of Newport Beach, Calif., accuse YouPorn operator Midstream Media of the Netherlands of violating the U.S. Computer Fraud and Abuse Act and California's computer crime law; of engaging in deceptive and unfair business practices; and of unlawful and unfair competition.

The suit, filed Friday in U.S. District Court for the central district of California, accuses YouPorn of, among other things, "intentionally accessing plaintiffs'...computers without authorization." The plaintiffs are seeking class-action status, an injunction to stop the history sniffing practice, and payment for damages.

YouPorn didn't immediately respond to a request for comment.

The nub of the issue, as mentioned above, is a practice called history sniffing. Browsers generally keep track of what Web sites a person has visited, showing the links in different colors depending on whether they've visited or not. Browser sniffing essentially asks the browser what color should be used for various links; the answer can reveal the browsing history.

According to the lawsuit and to some poring through YouPorn's now-withdrawn JavaScript code by Kashmir Hill at Forbes, YouPorn had obfuscated the sites it was checking for by shifting letters one place forward in the alphabet.

"Thus, 'qpsoivc/dpn,' for example, becomes 'pornhub.com.' It is only at the last minute that this encoded URL is translated to the correct URL to be compared to plaintiffs' browsing history," the suit said.

History sniffing has been a matter of concern for years. In March, Mozilla announced it was adapting Firefox to block browser sniffing. And more recently, University of California at San Diego researchers analyzed the top 50,000 sites on the Alexa global top Web site list for instances of browser sniffing.

The UCSD researchers results found 46 Web sites using browser sniffing (click for PDF of their paper), of which YouPorn was the highest ranked.

"We also found that many of these Web sites make use of a handful of third-party history-sniffing libraries. In particular, of the 46 cases of confirmed sniffing, 22 sites use history-sniffing code from Interclick.com and 14 use history-sniffing code from Meaningtool.com," the UCSD researchers said.

Mozilla has added the history sniffing countermeasure to Firefox; it's set to debut in Firefox 4. For details on the approach, check L. David Baron's post on the subject.

UCSD researchers concluded these Web sites engage in browser history sniffing. Shown here are the sites, their rank in Alexa's list of the top 50,000 Web sites, and the Web addresses for which each site checked a browser's history. UCSD
 

Join the discussion

Conversation powered by Livefyre

Don't Miss
Hot Products
Trending on CNET

HOT ON CNET

Find Your Tech Type

Take our tech personality quiz and enter for a chance to win* high-tech specs!